4.1 Concepts

Access to context-classified documents is governed by rights, such as the right to open a document, the right to print it, and the right to copy information from it and paste it into another document. The rights are defined and assigned centrally by administrators, who group combinations of rights and end user identities into one or more "contexts".

4.1.1Domains

A domain is the top level entity that contains document roles and context templates.

4.1.1.1DomainRef

Domains are identified by a UUID value. Web services operations that need to identify a domain use the DomainRef type. A DomainRef contains only the information required to uniquely identify a domain; the UUID. The other properties of a domain, such as its labels, are not part of a DomainRef type.

4.1.2Context Templates

Context templates are identified by a UUID value within the owning domain. Web services operations that need to identify a template use the ContextTemplateRef type. A ContextTemplateRef contains the information required to uniquely identify a template: the UUID and the owning domain. The other properties of a template, such as its labels and roles, are not part of a ContextTemplateRef type.

4.1.2.1ContextTemplateRef

It is valid for two templates in different domains to have the same UUID value. The templates that are automatically installed when the first domain is created all have fixed UUID values. For example, the standard template has the UUID value 474dbb07-718b-4c4e-8f43-d2b723469573. Using these predefined UUID values means there is no need to look up a context template UUID before creating a ContextTemplateRef type.

4.1.2.2ContextTemplate

A ContextTemplate contains all the information about a context template, including the UUID and domain. For operations that require or return all the context template properties, a ContextTemplate is used.

4.1.3Contexts

Contexts are identified by a UUID value. Web services operations that need to identify a context use the ContextInstanceRef type. A ContextInstanceRef contains the information required to uniquely identify a context, the UUID. The other properties of a context, such as labels and item exclusions, are not part of a ContextInstanceRef type.

4.1.3.1ContextInstanceRef

4.1.3.2ContextInstance

A ContextInstance contains all the information about a context, including the UUID and labels. For operations that require or return all the context properties, a ContextInstance is used.

4.1.4Roles (Document Roles)

A document role defines a set of criteria that specify how sealed content can be used. A document role is assigned to a user or group, allowing the user to use sealed content in the way the role defines.

4.1.4.1DocumentRoleRef

Document roles are identified by a UUID value within the owning domain. Web services operations that need to identify a role use the DocumentRoleRef type. A DocumentRoleRef contains the information required to uniquely identify a role; the UUID and the owning domain. The other properties of a role, such as its labels and features, are not part of a DocumentRoleRef type.

It is valid for two roles in different domains to have the same UUID value. The roles that are automatically installed when the first domain is created all have fixed UUID values. For example, the contributor role has the UUID value a456140d-24dc-4cc2-8f23-1a72fb6c2d81. Using these predefined UUID values means there is no need to look up a context template UUID before creating a ContextTemplateRef type.

4.1.4.2DocumentRole

A DocumentRole contains all the information about a role, including the UUID and domain. For operations that require or return all the document role properties a DocumentRole is used.

4.1.5Rights (Document Rights)

Rights are identified by a UUID value. Web services operations that need to identify a right use the DocumentRightRef type. A DocumentRightRef contains the information required to uniquely identify a right, the UUID. The other properties of a right, such as assigned account and role, are not part of a DocumentRightRef type.